Ohio bill would impose limit on schools requiring access to students' private social media accounts

OHIO — A bill introduced earlier this year in Ohio would, with some exceptions, make it illegal for schools to require students to turn over access to their social media accounts either as a condition of admittance or under threat of disciplinary action.

Sponsored by Rep. Heather Bishoff, H.B. 424 would establish guidelines for social media access between companies and schools — including public and private colleges, charter schools, vocational schools and other educational institutions — and their respective employees, students or applicants. Bishoff and Rep. Robert Hackett introduced the bill in January, and it’s since been assigned to the Commerce, Labor and Technology committee.

Bishoff said the bill would establish “basic rules for play” on a new and increasingly important issue. Employers wouldn’t be able to force applicants or employees to provide access to their personal online accounts, according to the legislation, and the same would go for schools’ approach to student or prospective students’ online presences.

“There aren’t many guardrails in place as it relates to social media and state law,” Bishoff said. “What we’re seeing sweep across country right now is the placement of guardrails.”

Such legislation “has been introduced or is pending in at least 26 states” this year, according to the National Conference of State Legislatures. Many of the bills address social media privacy from the standpoint of an employer-employee relationship, but some — including ones in Hawaii, Maine, New Hampshire and elsewhere — include proposed protections for students.

Bishoff and Hackett, both financial advisers by trade, said they approached the legislation seeking a balance between providing privacy protections without completely banning social media oversight in certain circumstances.

Employees and students should be able to keep their personal communication personal, Bishoff said. On the other hand, she clarified, employers and educational institutions should still have some recourse in cases where privileged information might be compromised.

“Whatever they [an employer] can find without a user ID and password is fair game,” she said, “but they cannot ask for a user ID or password as a condition for hiring or employment.”

And access to employees’ and students’ accounts wouldn’t be prohibited under all circumstances. The legislation includes exceptions in cases involving, for example, a phone that’s paid for (even in part) by the employer or educational institution, as well as exceptions for an employer-provided account. Educational institutions could still require students to provide information to access “an account or service provided by the educational institution that is either obtained by virtue of the student’s admission to the educational institution or is used by the student for the institution’s educational purposes.”

Hackett, too, stressed his preference for a “middle of the road approach” on social media privacy. A self-described “pro-business” Republican, he said it was important that Ohio’s legislation took a less strict approach than, for example, California’s. (As reported by the Wall Street Journal, some financial groups took issue with the state’s law for what they viewed as a failure to allow employers to carry out routine, necessary oversight.)

In developing the bill, Bishoff relied in part on guidance from the Financial Services Institute and sought feedback from industry groups and a “large public university.” She declined to specify the institution by name.

The penalty for employers or educational institutions that violate the law would include a first-degree misdemeanor and a fine of up to $1,000.

By Casey McDermott, SPLC staff writer. Contact McDermott by email or at (703) 807-1904 ext. 127.